Early Access Node SiteCLI Reference
Objective
Specific Customer Edge (CE) serviceability tools, like debug log bundle and SiteCLI Commands, will be available as Early Access within the site's Tools tab (Multi-Cloud Network Connect > Overview > Infrastructure > Sites) with the September 24, 2024, release.
Prerequisites
- Ensure that the CE Site is running the September 24, 2024, release or higher.
- Ensure that the user is part of the following API groups:
User Role | Requirement |
---|---|
F5xc-site-management-standard-user | Read-only SiteCLI commands. |
F5xc-site-management-monitor-user | Debug log bundle |
F5xc-site-management-standard-admin | Read/write SiteCLI commands. |
Debug log bundle
The Debug log bundle command includes all the diagnostic information to help F5 Technical Support investigate the root cause of an issue. Before this early access, the debug log bundle could only be collected on a node-by-node basis. Customers had to identify the node in question and then navigate to the UI or SSH to the node to collect this information. With the Debug log bundle early access, customers can now collect a support bundle across all the nodes, or selected nodes, in a site directly from the Console, without needing to identify the node IP addresses and connect to them on a node-by-node basis.
Figure: Debug log bundle
SiteCLI Commands
SiteCLI Commands allow you to debug and troubleshoot network issues, view the forwarding state of the CE nodes, view BGP route information exchanged with external BGP endpoints, and run familiar Linux utility tools (like ip and netstat) directly from the Site Console to improve CE Site serviceability.
This functionality is available on a per-node basis as node serviceability commands. You must log in to each node individually to run the commands. With this feature, a select set of commands is now directly available from the Distributed Cloud Services Console, simplifying the CE serviceability needs.
As part of the Early Access, a select few commands are made available for you with a plan to expose a broader set of commands for General Availability (GA) in the future.
Here is a list of commands that are now available as part of the Early Access that you can run directly from the Distributed Cloud Services Console by selecting a node from a site:
- Tunnel status commands: These commands can be executed to collect detailed status of the IPsec tunnels established between a Customer Edge and Regional Edges:
  ipsec-status
  ipsec-statusall
- Network connectivity commands: These IP address utility commands can be executed to check L2/L3 state of the CE interfaces:
  ip <link> <addr> <route> <neighbor> show
- CE site reachability to external F5 cloud endpoints: These commands can be used from the node (host) or from a system container, like Vega, by running the commands. This is especially useful as you check reachability to published public domains needed for healthy CE Site operation:
  curl-host -v <host-name> e.g. gcr.io ; cloud.f5.com
  curl-vega -v <host-name> e.g. gcr.io ; cloud.f5.com
- Network connections from the CE Site nodes can be verified by running the familiar netstat utility against any of the nodes in a site.
- Forward State Commands: The CE Site node's forwarding state can be queried to get information on all the current flows that are active on the node using the following commands:
  flow-l
  flow-l-match <ip:port>
- BGP Commands: CE Site nodes establish BGP sessions toward external BGP speakers for L3 reachability toward external destinations, origins, and more. The following commands can be run to check BGP state information:
  show-ip-bgp
  show-ip-bgp-neighbors
  show-ip-bgp-advertised-route
  show-ip-bgp-summary
Known Caveats
Debug log bundle collection is not supported for CE sites running as pod(s) on k8s sites.